
|
  58fury
@verizon.net
| hijack this log
Hello, I have just downloaded and run HiJack This and I'm posting the log here, as recommended. We have Spy Spot S&R but it doesn't fix the trouble. Mainly, when clicking on a link or image while using a web browser, like Google, Yahoo etc., I get redirected to a browser called MORWILL search or sometimes another called UP SPIRAL, and soon after Internet Explorer will freeze up altogether. So, here is the log from HiJack; hopefully someone here can tell me what I need to do. Thank you
Logfile of HijackThis v1.97.7 Scan saved at 10:19:04 PM, on 10/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Toolbar\TBPSSvc.exe C:\Program Files\Common Files\WinTools\WToolsS.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hphmon05.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\LTMSG.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Softex\OmniPass\scureapp.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Softex\OmniPass\Help.exe C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe C:\Program Files\Common Files\AOL\1124416704\ee\AOLHostManager.exe C:\PROGRA~1\Toolbar\TBPS.exe C:\Program Files\Common Files\AOL\1124416704\ee\AOLServiceHost.exe C:\PROGRA~1\COMMON~1\WinTools\WSup.exe C:\PROGRA~1\Toolbar\PIB.exe C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\QUICKENW\QWDLLS.EXE C:\Program Files\interMute\SpamSubtract\SpamSub.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\Program Files\RegistryFix\RegistryFix.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FY47ZH0D\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »red.clientapps.yahoo.com/customi···ahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »srch-qus10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »srch-qus10.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »red.clientapps.yahoo.com/customi···ahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: Bho - {7DC404A8-2B7F-4793-BE15-0AA7796C300F} - C:\WINDOWS\system32\rwkewctw.dll O2 - BHO: (no name) - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\ServicePackFiles\i386\dbacc.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: Bho - {93E6D9BF-3C17-47eb-AE59-2737BB09022E} - C:\WINDOWS\system32\hubituyf.dll O2 - BHO: (no name) - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program 
Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124416704\ee\AOLHostManager.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup O4 - HKLM\..\Run: [PPClean RunOnce insertion] "C:\Program Files\Yahoo!\YPSR\ppclean.exe" "files\yahoo!\ypsr\ppclean.exe" "files\yahoo!\ypsr\ppclean.exe" "files\yahoo!\ypsr\ppclean.exe" "files\yahoo!\ypsr\ppclean.exe" "files\yahoo!\ypsr\ppclean.exe" "files\yahoo!\ypsr\ppclean.exe" "clean" "wintools" "2" "configreboot" O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe O4 - Global Startup: Desktop Application Director 9.LNK = 
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Control Pad (HKLM) O9 - Extra 'Tools' menuitem: Control Pad (HKLM) O9 - Extra button: Research (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O9 - Extra button: WeatherBug (HKCU) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - »www.alternatiff.com/install/00/alttiff.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···r/sw.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} 
(Web P2P Installer) - O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - »us.dl1.yimg.com/download.yahoo.c···0510.cab O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - »download.akamaitools.com.edgesui···ager.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - »www.linksysfix.com/netcheck/24/i···wnls.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - »messenger.msn.com/download/MsnMe···ader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - »h30043.www3.hp.com/aio/en/check/···.cab?319 | |  johnpd Premium join:2003-11-20 Green Valley, AZ | You are using an outdated version of HijackThis. Please download the current version (1.99.1) and post a new log. You can get it from here. | |   bakalao2k
join:2001-03-20 Chicago, IL
| reply to 58fury Disable System Restore, boot into safe mode and re-run HijackThis.
Your machine is infected with Spyware.WebSearch (WinTools/HuntBar).
Start HiJackThis and remove these items from your system.
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe C:\PROGRA~1\Toolbar\TBPSSvc.exe C:\Program Files\Common Files\WinTools\WToolsS.exe
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O2 - BHO: Bho - {7DC404A8-2B7F-4793-BE15-0AA7796C300F} - C:\WINDOWS\system32\rwkewctw.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: Bho - {93E6D9BF-3C17-47eb-AE59-2737BB09022E} - C:\WINDOWS\system32\hubituyf.dll
O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART uninstalling Kazaa might fix remove this
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
Go to the Control Panel > Add/Remove Programs and look for Kazaa, My Search, Websearch and/or WinTools and remove them.
Kazaa is full of spyware. Reboot your system and repost your HJT log. -- "Don't hate the player, hate the game..." | |   CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
1 edit | Hello, to everyone in this thread. There are forum rules that are posted here: »Posting Rules - Security
quote: Attention: If you are planning to post a "HijackThis Log", Click on this link first »Security »I think my computer is infected or hijacked. What should I do? to see the rules you need to follow. All "HijackThis" Threads Will Be Locked or deleted unless you follow these steps first.
And there is a reason for that. I have seen the OP's newest log here »Hijack This Log and Update and it is now much worse. Messing with that bundle of spyware improperly and he's now got the Vundo pest that requires a special fix, plus all of the infected files from above are still there and still need removal. HijackThis is NOT a standalone tool! Most of the HJT "fixes" only remove the startup key from the registry and leave the infected files behind.
So I had to get permission from the Mods to post up the Vundo fix for this user to get them going but you are going to have to then follow the "I think I'm infected" FAQ to fully remove all infections. ..................... First, go to your Control Panel and look in Add/Remove programs for
New.net or NewDotNet
Highlight it and remove it from there. This is important as removing it any other way could affect your ability to connect to the internet. If it does not remove from there, please proceed with these instructions: »www.newdotnet.com/removal.html .................. Now, the Vundo Fix
Please follow these instructions:
1. Make a copy of these instructions so you have them handy, as most steps need to be done in safe mode with IE closed.
2. Please download the VundoFix tool »www.atribune.org/downloads/VundoFix.exe
3. Double-click VundoFix.exe to extract the files
4. This will create a folder named VundoFix on your desktop.
5. After the files are extracted, please reboot your computer into Safe Mode. How to start the computer in Safe mode »service1.symantec.com/SUPPORT/ts···_doc_nam
6. Once in safe mode, open the VundoFix folder and double-click on KillVundo.bat
You will first be presented with a message and a list of forums to seek help at (but you're already getting help now at this forum)
At this point press enter one time.
7. Next you will see: quote: Type in the filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix
At this point please copy and paste the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\ServicePackFiles\i386\dbacc.dll
Press *Enter*, then press the *F6* key, then press *Enter* one more time to continue with the fix.
8. Next you will see: quote: Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please copy and paste the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\ServicePackFiles\i386\ccabd.*
Press *Enter*, then press the *F6* key, then press *Enter* one more time to continue with the fix.
9. The fix will run then HijackThis will open.
Using HijackThis, please place a check next to the following items and click the *FIX CHECKED* button:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\ServicePackFiles\i386\dbacc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O20 - Winlogon Notify: dbacc - C:\WINDOWS\ServicePackFiles\i386\dbacc.dll
O20 - Winlogon Notify: dbimg - C:\WINDOWS\SERVIC~1\dbimg.dll
O20 - Winlogon Notify: keyreg - C:\WINDOWS\msagent\keyreg.dll
10. After you have fixed these items, close HijackThis and Press any key to force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
Once your machine reboots please continue with the instructions below.
11. Then, please run this online virus scan to clean up any leftovers: »www.pandasoftware.com/products/a···scan.htm
Save the results of the Panda ActiveScan so you can post them for review back here.
12. Also please post a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
Then proceed to follow the steps required here: »Security »I think my computer is infected or hijacked. What should I do?
Make sure that you get Adaware SE and Ewido. Install, update and do a full system scan with both, rebooting your PC in between.
Post back here with the results of those scans and the steps you were able to complete. There is a possibility you have a double infection of Vundo, so there may be more to do.
Edit: Typos -- It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) | |  garys_2k
join:2004-05-07 Farmington, MI
| said by CalamityJane :Hello, to everyone in this thread. There are forum rules that are posted here: » Posting Rules - Security quote: Attention: If you are planning to post a "HijackThis Log", Click on this link first »Security »I think my computer is infected or hijacked. What should I do? to see the rules you need to follow. All "HijackThis" Threads Will Be Locked or deleted unless you follow these steps first.
And there is a reason for that. I have seen the OP's newest log here » Hijack This Log and Update and it is now much worse. Messing with that bundle of spyware improperly and he's now got the Vundo pest that requires a special fix, plus all of the infected files from above are still there and still need removal. HijackThis is NOT a standalone tool! Most of the HJT "fixes" only remove the startup key from the registry and leave the infected files behind.
Wow. CJ, you are 100% correct with your warning, but what this means is that spyware removal is becoming more and more of a specialty task. So many of the spyware removal tools (which is, imho, what HijackThis! bills itself as) can not address the root causes of many of these new infections.
Not too long ago all you needed was a virus scanner/remover, Spybot S&D and AdAware. Occasionally something more was needed, but those used to be enough of a toolkit for 90+% of what would hit you. But it seems like those are now the good old days. Now one really has to approach any infection with extreme caution for fear of making it worse.
I'm really thankful to the real experts like yourself for helping. I read most of these threads hoping to learn how to fix this stuff, but what I seem to be learning is that it's best to run the scans in the FAQ and then just keep my hands off.
Thanks, CJ, and the rest of the expert crew! We all owe you a lot. | |   CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
1 edit | The FAQ will eliminate most if not all of the junk on an infested PC and that's why it's there for use before posting a HijackThis log. But yes, spyware and other malware like it are becoming more and more difficult to remove. Prevention is the best step. If people would keep their Critical Security Updates fully updated from Windows and watch what they download, it would eliminate a lot of these types of problems. »Security »How do I prevent browser hijacks and spyware?
Once infested, they really need to get all the scanners, AV online scans and other tools in the FAQ will clean up most of the mess much better than going the HJT route first. HJT is really only a diagnostic tool to show us a snapshot of what undetected malware may be lurking so that we can point them to the proper tool to remove it. It's not meant to replace full system scanners by any means
Edit: Typos -- It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) | |   CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to garys_2k said by garys_2k : I read most of these threads hoping to learn how to fix this stuff, but what I seem to be learning is that it's best to run the scans in the FAQ and then just keep my hands off. Now, we can always use more trained helpers, and if you do want to learn how to properly help others using HijackThis there are a number of fine training camps available. You will need to apply for admission, but it is not hard to get in and learn the ropes! These are my two fav's and I still hang out to keep up with the latest threats and infections:
BootCamp at SpywareInfo.com »forums.spywareinfo.com/index.php···topic=34
The Classroom Here, Join the Classroom »forums.tomcoyote.com/index.php?s···pic=1421 -- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals) | |  garys_2k
join:2004-05-07 Farmington, MI
| said by CalamityJane : said by garys_2k : I read most of these threads hoping to learn how to fix this stuff, but what I seem to be learning is that it's best to run the scans in the FAQ and then just keep my hands off. Now, we can always use more trained helpers, and if you do want to learn how to properly help others using HijackThis there are a number of fine training camps available. You will need to apply for admission, but it is not hard to get in and learn the ropes! These are my two fav's and I still hang out to keep up with the latest threats and infections: BootCamp at SpywareInfo.com » forums.spywareinfo.com/index.php···topic=34 The Classroom Here, Join the Classroom » forums.tomcoyote.com/index.php?s···pic=1421
Thanks! I'll be off to school shortly! | |
|
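CalamityJane's point above, that most HJT "fixes" only remove the registry reference and leave the files behind, can be turned into a post-fix checklist. The following is an added example, not code from any poster in this thread or from HijackThis itself: it parses entry lines in the format shown in this thread's log and lists the distinct files that still have to be confirmed gone after "Fix checked". The function names and the line grammar are assumptions inferred from the entries quoted here.

```python
import re
from collections import defaultdict

# Entry lines copied from the HijackThis log and fix lists in this thread.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: dbacc - C:\WINDOWS\ServicePackFiles\i386\dbacc.dll
"""

# Assumed grammar: "<section code> - <free-form body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path up to the first .exe/.dll; tolerates spaces in the path
# and trailing arguments such as "/AUTOSTART".
FILE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
MISSING_TAGS = ("(file missing)", "(no file)")


def parse_line(line):
    """Return a dict for one log entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID.search(body)
    path = FILE_PATH.search(body)
    if any(tag in body for tag in MISSING_TAGS):
        state = "missing"   # HijackThis itself reports no backing file
    elif path:
        state = "file"      # a file is referenced and must be checked on disk
    else:
        state = "none"      # entry carries no file path at all
    return {"code": m.group("code"),
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
            "state": state}


def files_to_verify(log_text):
    """Map each referenced file (lower-cased) to the sections that load it.

    8.3 short names (PROGRA~1) are not expanded, so the same file written in
    long and short form shows up as two keys.
    """
    files = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["state"] == "file":
            files[entry["path"].lower()].append(entry["code"])
    return dict(files)


def orphaned_references(log_text):
    """Entries with no file behind them: removing the reference is enough."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [(e["code"], e["clsid"]) for e in parsed if e and e["state"] != "file"]


if __name__ == "__main__":
    for path, sections in sorted(files_to_verify(SAMPLE).items()):
        print("verify removed:", path, "referenced by", ", ".join(sections))
    for code, clsid in orphaned_references(SAMPLE):
        print("reference only:", code, clsid)
```

A file referenced from more than one section (here `WToolsB.dll` under both R3 and O2) appears once with every section that loads it, which is the list to re-check against the disk and against the next log.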